Shostack + Friends Blog Archive


Organization in the way: how decentralization hobbles …

Another interesting article from Peter Merholz closes with:

Until now, user experience efforts have been focused on building teams that practice user-centered design (UCD). However, researchers at User Interface Engineering recently discovered that the size of an organization’s UCD practice is somewhat inversely proportional to the site’s usability. You read that right: Companies that invest in usability seem to be creating marginally worse products. If you consider the problem of design in modern organizations, there’s a clear explanation for this seeming oxymoron. The more a company invests in UCD, the more likely it is to create a separate UCD group or department. This group then plays the role of “interface cop,” reviewing everything before it goes out. Of course, this bottlenecks development processes; thus, the UCD department becomes a point of pain to route around.

You can just drop in “security” for “UCD” and I bet the same thing will hold. Too many security groups are in the role of gatekeeper, not collaborator. They are charged with poor goals such as “no break-ins,” which are hard to evaluate, hard to tie to ROI, and may miss larger issues, such as phishing.

One of the better groups I know has the title “Loss Prevention” on the org chart. Names are powerful things, as are goals. Choose them carefully.